"Sticky" (pinned?) --deps-only

[RalfJung]

Use-case: We are using opam to describe the (build-)dependencies of our project. We would like to provide a make build-dep that will install the dependencies in such a way that a future opam upgrade does not invalidate them.

It is tempting to use opam install --deps-only for this, but that does not work (and I am not talking about the related issue #2764 here, which was solved with opam 2): --deps-only makes sure that dependencies are satisfied right now, but leaves no trace about this in the state so that opam upgrade feels free to break the dependencies again.

What we currently do is rather horrible: We use sed to patch the opam file to create a package called $PACKAGE-builddep that has empty build and install scripts, but the same dependencies as the main package. Then we install that. This has the same effect as --deps-only in that dependencies of the main package get installed, but moreover, opam upgrade considers the dependencies of $PACKAGE-builddep as constraints and thus does not break the build.

it would be great if opam could provide this somehow more streamlined. However, I am not aware of any package manager that does...

[AltGr]

Indeed, I see that it would be useful. Not really a full feature, but a quick fix to make the situation just a little better could be to add an option to opam lock to keep dependencies only ; doing mostly what you did with some sed.

Another idea (probably a bad one, but consistent in a way) would be that opam install DIR --deps-only pins all the (direct) dependencies. That more or less achieves the goal, but you lose track of the reasons for the pinnings. Also, it is less expressive than the solution above, as you can't pin conflicts that way. It could still be an option...

[AltGr]

(Forgot to mention that a full-fledged solution would be possible, if more involved: it would involve adding one more package status (besides 'installed' and 'removed') to keep the record of the package's constraints. It would be a deep change (even package listings, etc. would need to be updated) and need some hacks around the solver, though)

[Drup]

An option opam install --also-pin that would pin all the root packages installed this way sound like something useful. It would work with --deps-only in the expected way (by pinning all the deps, which are now roots).

[RalfJung]

Another idea (probably a bad one, but consistent in a way) would be that opam install DIR --deps-only pins all the (direct) dependencies

If a package depends on "Coq 8.7.x", this would fix the Coq version -- whereas ideally, it should still be possible to update from Coq 8.7.0 to 8.7.1.

Would a lock file be able to properly handle this?

[AltGr]

No, the only way to ensure a constraint like coq >= 8.7.0 at the moment is the one you used in your hack: a custom package. Only the full-fledged solution I proposed above would allow that without really installing a package (by marking it as "installed-with-deps-only")